- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -

Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS,
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 30 June 2003.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-47 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-13, 16-28 and 31-45 is/are rejected.

7) [X] Claim(s) 14-15, 29-30 and 46-47 is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.
DETAILED ACTION

1. Claims 1-47 have been examined. 

Priority 

2. This application does not claim priority of an application. Therefore, the effective
filing date for the subject matter defined in the pending claims of this
application is 06/30/2003.

Claim Rejections - 35 USC §102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or 
described in a printed publication in this or a foreign country, before the invention 
thereof by the applicant for a patent. 

4. Claims 1-13, 16-28 and 31-45 are rejected under 35 U.S.C. 102(a) as being
anticipated by an article written with the title "Understanding Security Policies"
(hereinafter referred to as Cisco) (Publication date: September 28, 2002) (See reference U).

5. As per independent claims 1, 16 and 31, Cisco discloses a system for
providing network-based firewall policy configuration and facilitation, comprising:

• A firewall facilitation coordinator configured to receive a request to
add an application not currently supported by a user's firewall policy [See page 3,
paragraph 5-7] (By evaluating incoming requests to start a new session against the
session controls and responses defined in a security policy, Cisco Centri Firewall can
determine whether to allow that session. If it does allow a session, Cisco Centri Firewall
also determines how to modify the data that is transferred during that session. Session
controls are predominately specific to a network service and are used to act upon a
session to provide stricter control over what is and what is not allowed during that
session. Within Cisco Centri Firewall two types of session controls exist: run-time and
static. Run-time session controls are those session controls that can be modified at the
time the session request is received by the firewall. Run-time session controls are defined
using security policies and can either apply to all communications or to a specific network
service and this run-time session controls meets adding an application not currently
supported by a user's firewall policy.) and

• To generate a time window during which a user can run the
application; [See table 4-1 on page 3 and 4, see common Run-time controls] (These
session controls are common to all network services. They define the basic elements of
any session, such as its time of day, date, User ID, Host ID, and type of service. These
controls are defined using security policies.) and

• A policy modification agent adapted to communicate with the firewall
facilitation coordinator, the policy modification agent configured to receive a
firewall modification request from the firewall facilitation coordinator, to be
aware of communications or packets observed by the firewall during the time
window, and to modify the user's firewall policy. [See page 3, paragraph 5-7 and see
also table 4-1 on page 3 and 4, see common Run-time controls] (By evaluating incoming
requests to start a new session against the session controls and responses defined in a
security policy, Cisco Centri Firewall can determine whether to allow that session. If it
does allow a session, Cisco Centri Firewall also determines how to modify the data that is
transferred during that session. Run-time session controls are those session controls that
can be modified at the time the session request is received by the firewall. Run-time
session controls are defined using security policies and can either apply to all
communications or to a specific network service. These session controls are common to all
network services. They define the basic elements of any session, such as its time of day,
date, User ID, Host ID, and type of service. These controls are defined using security
policies)

6. As per claims 2-13, 17-28 and 32-45, Cisco discloses a system/method as
applied to claims above. Furthermore Cisco discloses the method/system, further
comprises a firewall process adapted to communicate with the policy modification
agent, the firewall process includes the user's firewall policy, a firewall
communications or packet inspector and a firewall filter. [See page 3, Paragraph 3
and See page 3, paragraph 5-7 and see also table 4-1 on page 3 and 4, see common
Run-time controls] (Similarly, Cisco Centri Firewall filters session attempts according to the
rules defined in a security policy. A security policy specifies which network objects are
allowed to communicate with each other, and each security policy is designed to enforce
some part of the overall network security policy defined by an organization. You can
specify which internal network objects can communicate with which external network
objects and vice versa. Other options exist by which you can filter communications, such
as time of day, destination, and type of protocol being used to conduct the communication.
(By evaluating incoming requests to start a new session against the session controls and
responses defined in a security policy, Cisco Centri Firewall can determine whether to
allow that session. If it does allow a session, Cisco Centri Firewall also determines how to
modify the data that is transferred during that session. Run-time session controls are
those session controls that can be modified at the time the session request is received by
the firewall. Run-time session controls are defined using security policies and can either
apply to all communications or to a specific network service. These session controls are
common to all network services. They define the basic elements of any session, such as
its time of day, date, User ID, Host ID, and type of service. These controls are defined
using security policies)
Allowable Subject Matter

7. Claims 14-15, 29-30 and 46-47 are objected to as being dependent upon a
rejected base claim, but would be allowable if rewritten in independent form including
all of the limitations of the base claim and any intervening claims.

8. The prior art made of record and not relied upon is considered pertinent to
applicant's disclosure. (See PTO-Form 892).

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Samson B Lemma whose telephone number is
571-272-3806. The examiner can normally be reached on Monday-Friday (8:00 am-4:30 pm).

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, BARRON JR GILBERTO can be reached on 571-272-3799. The fax 
phone number for the organization where this application or proceeding is assigned 
is 703-873-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. 
Should you have questions on access to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 866-217-9197 (toll-free). 